Last updated: May 16, 2025
Welcome to Carzilla. CARZILLA CAR RENTAL L.L.C is a limited liability company incorporated under the laws of the United Arab Emirates, holding Commercial License No. 1390013, with its registered office at Office MF/27, Mohammed Obaid Mohammed Al Badoor Building, Naif, Dubai, United Arab Emirates. It is fully authorized and licensed by the Roads and Transport Authority (RTA) of Dubai under Traffic File Reference No. 122362 to perform car rental activities within the Emirate of Dubai.
We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how Carzilla (referred to as "Carzilla", "we", "us", or "our") collects, uses, shares, and protects your information when you use our subscription-based vehicle rental platform. It is written in clear language to be accessible yet remains formal and comprehensive. Please read it carefully to understand our practices regarding your personal data.
Applicability
This Privacy Policy applies to all users of Carzilla worldwide, regardless of where you access or use our services. Carzilla operates globally – our website and app can be accessed from anywhere – however, our rental services are currently available only in selected countries. Regardless of your location, if you interact with Carzilla, your information will be handled according to this Policy. We comply with applicable data protection laws in the jurisdictions we operate and provide the same high standard of privacy protection to all our users.
Please note that Carzilla’s services are intended for adults (typically, individuals of legal driving age in their country, usually 21 or older). We do not knowingly collect personal data from children. If you are under the legal driving age, please do not use Carzilla. If we discover we have collected data from a minor, we will delete it promptly.
Data Collected
Personal data is collected by Carzilla to provide and enhance our services. The types of information we collect include:
- Identity Information: Details that identify you, such as your full name, date of birth, and government-issued identification documents (e.g. driver's license, passport or national ID). This may also include identity numbers and copies or scans of ID documents when required for verification.
- Contact Information: Information that allows us to communicate with you, including your email address, phone number, and mailing address.
- Payment Data: Payment details you provide for subscription and rental fees. We use Stripe to process your payments, so this may include your credit or debit card number, expiration date, and billing address. (For security, Carzilla itself does not store your full card details; they are handled by Stripe on our behalf.)
- Driving Eligibility Info: Information related to your ability to drive legally. This includes your driver's license details (license number, issuing country, expiration date) and may include aspects of your driving history or record (e.g. driving experience or any record of violations if required for eligibility checks).
- Location Data: Precise geolocation and related data from vehicle telematics systems when you use a Carzilla vehicle. The cars in our fleet may have GPS trackers and onboard telematics that provide real-time location, travel routes, speed, and other usage information. For example, when you rent a vehicle, we collect its location data to assist with navigation support, ensure safety, prevent theft, and enable features like remote immobilization (to disable the vehicle in case of suspected theft or unauthorized use).
- Biometric Data: Biometric identifiers or information collected during identity verification. Specifically, Carzilla uses Sumsub for selfie identity verification as part of our Know Your Customer (KYC) process. This means we collect a photo or video selfie of you, which Sumsub analyzes to create biometric templates (such as facial recognition data) to confirm that you match your ID document. This biometric data is used solely for fraud prevention and identity confirmation.
- Device and Browser Information: Technical information from the device and browser you use. This can include your device type, operating system, browser type and version, IP address, unique device identifiers, language settings, and other device-specific configurations. We collect this data automatically when you interact with our website or app to ensure compatibility and security (for example, to detect suspicious logins or to optimize our app for your device).
- Usage Data: Data about how you use Carzilla's platform. This includes the pages or screens you visit, features you click on or use, date and time of actions, clicks, scrolls, search queries, and other interaction information. We also log transaction details such as rental bookings made, vehicles selected, and duration of rentals. This information helps us understand user engagement and improve our services.
We collect most of this information directly from you (for instance, when you sign up, fill out your profile, upload documents, or use the app). Some data, like telemetry from vehicles or device info, is collected automatically. In all cases, we only collect personal data that is necessary for the purposes described in this Policy.
Data Use
Carzilla uses your personal data for specific, legitimate purposes. We do not collect data for its own sake – every piece of information has a purpose tied to delivering and improving our service or meeting legal requirements. Below are the ways in which we use the data we collect:
- Account Creation and Management: We use identity and contact information to set up your user account and subscriber profile. This allows you to register with Carzilla and log in securely. Our authentication system is powered by Clerk, which manages your sign-in credentials and helps verify your identity upon login. We maintain your account details to provide you with a personalized experience, such as saving your preferences and rental history.
- Identity Verification (KYC): We process your identity documents and biometric data to verify who you are and confirm you meet our eligibility criteria (such as age and a valid driver's license). Carzilla integrates Sumsub as our KYC provider to perform these checks. This process helps prevent identity fraud, ensures that only qualified drivers use our service, and keeps the platform safe for all users.
- Payment Processing: We use your payment data (like credit card information) to handle subscription fees, rental charges, deposits, and any fines or penalties (for example, traffic tickets or late return fees). All payments are processed through Stripe, a secure payment gateway. Stripe uses your payment details to authorize and complete transactions on our behalf. This ensures that payments are handled safely and that Carzilla never directly stores sensitive card numbers. We may also use payment information to refund you (when applicable) or to resolve billing disputes.
- Providing and Managing Rentals: Your information is essential for us to facilitate the vehicle rental service. We share necessary details (such as your name, contact info, and license confirmation) with our rental partners or fleet providers to dispatch vehicles you've booked. We also use location and telematics data during your rental for operational purposes – for instance, to assist with directions or roadside support, to monitor vehicle condition and ensure it remains within allowed areas, and to protect our property. If a vehicle is reported stolen or is being misused, we may use telematics data to locate it and remotely immobilize the vehicle for safety and theft prevention. All such uses are aimed at delivering a smooth, safe rental experience.
- Customer Support and Communication: We keep your contact details and relevant account/rental information on hand to provide you with customer support. If you reach out for help or have a question, we will access your information to troubleshoot issues or answer your queries. We also use your email or phone number to send service-related communications. These include booking confirmations, pickup and return instructions, account alerts (like password resets or unusual login notifications), policy updates, and important safety or recall notices about vehicles. We may also inform you of new features or improvements to our services.
- Platform Improvement and Analytics: Usage data and device information help us understand how our users interact with Carzilla. We analyze this data to fix bugs, optimize app performance, and improve the design and content of our platform. For example, tracking which pages are most visited or where users drop off in the booking process can guide us to make Carzilla more user-friendly. We also use analytics to test new features and ensure our platform scales properly. In doing so, we often use aggregated or anonymized data (so individual users are not identified) whenever possible.
- Legal Compliance and Safety: We may use any of the above categories of data as necessary to fulfill our legal obligations and to ensure the safety and integrity of our operations. This includes using identity, driving eligibility, and payment information to comply with laws relating to car rentals, insurance, anti-money laundering (AML), and traffic regulations. For example, we might retain copies of your rental agreements or ID for a period required by local law. We also use personal data to enforce our Terms and Conditions and other agreements (for instance, to investigate and take action on violations like fraud, theft, or abuse of our service). In certain cases, we might use location or identity data to cooperate with law enforcement or respond to lawful requests (such as verifying your identity if there's an accident or providing GPS info in case of an emergency). We only use your data for these purposes when necessary and in accordance with applicable laws.
In summary, Carzilla only uses your personal information for purposes that are relevant and necessary for your use of our service, for our legitimate business operations, or to meet legal and contractual obligations. We do not use your data for unrelated secondary purposes without your consent. If we ever need to use your information for a new purpose not covered by this Privacy Policy, we will inform you and, if required, seek your consent.
Third-Party Software Services
To run Carzilla efficiently, we rely on a number of trusted third-party service providers and tools. These third-party services help us with various aspects of our platform – from data hosting to user verification – and in some cases will process personal data on our behalf. We carefully select these providers and require that they maintain strict standards of security and confidentiality. Below is a list of the key third-party software services we use, along with a description of what they do:
- Amazon Web Services (AWS): We host much of Carzilla's infrastructure on AWS cloud servers. AWS provides secure data centers where our databases and backend systems run. This means personal data (from your account info to telemetry data) is stored on AWS servers. AWS allows us to scale our service globally while protecting data with robust physical and network security.
- Google Cloud Platform & Google Drive: In addition to AWS, we utilize Google Cloud for certain computing needs and backups. We may also use Google Drive for some internal file storage and collaboration. These Google services might hold internal documents or datasets that include user information (for example, exporting reports of transactions which may contain your customer ID or name). Google's infrastructure is used to ensure high reliability and availability of our service and internal operations.
- Clerk: Clerk is the user authentication and account management service embedded in Carzilla. It handles user sign-ups, logins, password management, and verification emails or texts. When you log in or create an account, Clerk helps verify your credentials (like sending OTP codes or magic links) and securely stores authentication tokens. Clerk ensures that only you can access your account while keeping your login data (such as hashed passwords or social login tokens) secure.
- Sumsub: Sumsub is our identity verification partner that conducts KYC (Know Your Customer) checks. When you submit your ID and selfie for verification, Sumsub receives that data directly through an integration in our app. They use automated algorithms and checks (including biometric facial recognition and document authenticity verification) to confirm your identity and detect fraud. Sumsub then provides Carzilla with the verification result (e.g. verified or not, and any relevant metadata like document type). This service helps us comply with legal requirements and maintain a safe platform without Carzilla needing to manually process sensitive IDs.
- Stripe: Stripe is our payment processing gateway. When you enter your credit or debit card details to pay for a subscription or rental, that information is transmitted securely to Stripe. Stripe processes the payment, charges your card, and then tells us if the payment was successful. Stripe may store your card information (often as a token) to enable future charges (for example, for monthly subscription billing or incidentals). Importantly, Carzilla does not store your raw card number or CVV on our servers – Stripe handles that on our behalf to maintain the highest level of payment security (PCI DSS compliance). Stripe may also employ fraud detection to alert us of suspicious transactions.
- Slack: Slack is an internal communication and collaboration tool used by the Carzilla team. We use Slack to discuss day-to-day operations, including possibly sharing limited user information among our team when necessary (for instance, to coordinate support or review a specific rental case). For example, if you have an ongoing support issue, our support team might reference your first name or booking number in a private Slack channel to seek help from other team members. While Slack is not a system of record for user data, it may incidentally contain snippets of personal data in conversations. We have controls in place to limit what sensitive information is shared via Slack.
- Notion: Notion is an internal documentation and productivity platform we use for notes, guides, and records. Carzilla maintains things like internal knowledge bases, operational checklists, and project plans on Notion. Some of these internal documents might include user data – for instance, a troubleshooting guide could contain an example of a user issue (with a fictitious or anonymized name) or we might log certain support resolutions. We treat any personal data in Notion with care and restrict access to our team members who need it for their role.
- Figma: Figma is a design and prototyping tool we use to design the Carzilla app and website interface. Generally, Figma is used for creating visual layouts and does not store any of our users' personal information. It may contain images or graphics of our app screens (which could, for example, show a dummy profile name or placeholder data for design purposes, but not real user data). We mention it here for full transparency, but no actual customer personal data is processed or stored in Figma.
- Pandadoc: Pandadoc is a document management and electronic signature platform. Carzilla may use Pandadoc to generate or manage digital documents such as rental agreements, terms of service acknowledgments, or partner contracts. If you are required to sign a rental agreement or any document via Carzilla, Pandadoc might be used to facilitate that e-signature process. These documents could include personal details like your name, contact information, and driver's license number, since they form part of the contractual agreement between you and a rental partner. Pandadoc keeps these documents secure and provides us with an efficient way to handle signatures and document storage.
- Postman: Postman is a software tool used by our development team to test and debug our APIs (Application Programming Interfaces). In the course of developing and maintaining Carzilla's backend, we might use Postman to simulate requests that the app or website would send. This can involve using sample or actual data to ensure things work correctly (e.g., testing a booking creation or fetching a user profile via the API). While Postman is not a database, any use of real personal data in testing is minimal and handled with care. Primarily, it's a tool for our engineers and does not directly interact with users in production.
- Retool: Retool is a platform that allows us to build internal admin dashboards and tools quickly. Carzilla's team uses Retool to create administrative interfaces for internal use — for instance, a dashboard to view booking information, or a tool to help customer support modify a reservation or verify a user's documents. Through Retool, our authorized staff can access and update certain user or rental data when needed (for example, resetting a password for a user who requested help, or extending a rental period on the backend). Retool essentially provides a secure, user-friendly window into our database for admins. All data accessible via Retool is protected by authentication and only available to staff with proper permissions.
- ImaginStudio: ImaginStudio is a third-party service we use to provide high-quality vehicle images and visuals on the Carzilla platform. When you browse cars in the app, the photos or 3D models you see might be delivered via ImaginStudio's API, which has a vast library of car images. This service helps ensure we show accurate representations of each car model. ImaginStudio does not process your personal data; it only supplies car-related content. We include it here to be transparent about all significant integrations.
- Leantech: Leantech is an open banking API provider, approved and regulated by the Central Bank of the UAE. It enables Carzilla to securely connect to your bank account to facilitate our internal financial scoring process. Through Leantech, Carzilla obtains necessary financial insights safely and confidentially, without having direct access to your banking credentials or personal bank account details. This helps us determine eligibility and assess financial risk accurately and securely, maintaining strict compliance with privacy and security standards.
- Cursor: Cursor is a development and administrative tool (for instance, an AI-assisted coding tool or database cursor interface) used by our tech team. Depending on context, Cursor might be used to run queries on our database or to assist with code that processes data. It operates within our secure environment. Any personal data accessed through such a tool remains within our controlled systems – the tool itself doesn't store your data externally. We mention it to cover all tools in our workflow, even if it has no independent role in data processing beyond what our team does.
- Bitwarden: Bitwarden is a secure password management service that Carzilla uses to store and manage credentials (passwords, API keys, encryption keys, etc.) for our various systems and accounts. While this doesn't directly handle your personal data, it's a critical part of our security infrastructure. By using Bitwarden, we ensure that administrative access to databases, third-party services, and other sensitive systems is restricted to authorized personnel and protected by strong encryption. This indirectly safeguards your personal information by preventing unauthorized access.
- Cloudflare: Cloudflare is a web performance and security provider. Carzilla uses Cloudflare's services (such as content delivery network and DDoS protection) to optimize our website/app loading times globally and to shield our platform from malicious traffic. When you connect to Carzilla, your requests may pass through Cloudflare's network. As a result, Cloudflare will process certain technical data about you — like your IP address, device info, and browsing behavior on our site — in order to filter out bad traffic and cache content for faster delivery. This helps provide a smooth and safe user experience. Cloudflare is GDPR-compliant and only uses this data to provide services to us, not for its own purposes.
We ensure that all these third-party service providers are bound by strict privacy and security obligations. They only receive the information necessary for their function, and they are not allowed to use your data for anything outside the scope of what Carzilla has contracted them for. For example, Stripe can only use your info to process payments, not to market to you; Slack and Notion are used under our internal policies for handling data; and so forth. Furthermore, whenever your data is transferred to or stored by these providers, we rely on safeguards such as encryption and, where required by law, data processing agreements or Standard Contractual Clauses to ensure your data remains protected to the standards of this Privacy Policy.
Data Sharing
We value your privacy and do not sell your personal data to third parties for profit. However, in order to operate our business and provide services to you, we do share your information with certain categories of recipients under strict conditions:
- Rental Partners and Service Providers: When you make a booking on Carzilla, we share relevant information with the Carzilla-approved rental partner or vehicle provider fulfilling your subscription. This may include your name, contact details, driver's license status, and rental details so they can hand over the vehicle and comply with their legal obligations (like verifying your identity at pickup). These partners are contractually required to use your information only for providing the car rental service (and related purposes like insurance) and to protect it according to applicable laws. Additionally, as described above, we share data with third-party vendors and software services (such as Stripe, Sumsub, Clerk, etc.) who process data on our behalf. Each of these parties only gets the data necessary for their function and is bound by privacy agreements. For instance, Sumsub receives your documents for verification only, and Stripe receives your payment info for transaction processing.
- Within Our Corporate Group: If Carzilla is part of a group of related companies (for example, subsidiaries or affiliates), we may share data within that family of companies as needed to operate and improve the service. Any internal sharing still complies with this Privacy Policy and, of course, all relevant confidentiality and security measures.
- Legal Requirements and Protection: We may disclose personal information to government authorities, law enforcement, or other third parties if required to do so by law or legal process. For example, we might need to respond to a court order or subpoena, or to regulatory requests (perhaps providing rental records for tax or insurance audits). We may also share information if we believe in good faith that it is necessary to enforce our Terms and Conditions or other agreements, to investigate or protect against fraudulent or illegal activity, or to protect the safety, rights, or property of Carzilla, our users, our partners, or the public. This could include sharing data with law enforcement in the event of suspected fraud, identity theft, theft of a vehicle, or to report an accident.
- Business Transfers: If Carzilla undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of its assets, your personal data may be transferred as part of that deal. We would only do this subject to confidentiality agreements and appropriate safeguards. If such a change in ownership happens, we will ensure that your data remains protected and will provide notice on our platform (and choices where required by law) before any new privacy practices take effect.
- With Your Consent: In situations where you explicitly consent to or request data sharing, we will share your information accordingly. For example, if you ask us to share your feedback with a partner, or you integrate a third-party service that requires us to send your data (say, a mapping app or a loyalty program you link to Carzilla), we will do so at your direction. In these cases, we will make clear what information will be shared and with whom, so you can make an informed decision.
Aside from the above, Carzilla will not disclose your personal information to anyone. We never sell or rent user data to marketers or unrelated parties. Even when we share data for legitimate purposes (like those listed), we strive to anonymize or aggregate it when possible. For instance, we might share aggregated usage statistics with a partner or advertise how many users we have in a city – but those reports will not personally identify you.
Finally, if we ever need to share information for a purpose not covered by this Policy, we will obtain your permission or provide the relevant notice at that time.
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In practice, this means:
- If you have an active account, we will keep your data for as long as your account exists, so that we can provide you with the services. This includes maintaining your profile information, rental history, payment records, and preferences.
- If you close your account or become inactive, we will either delete or anonymize your personal data after a reasonable period, or if not immediately feasible, securely store it and isolate it from further use until deletion is possible. Inactive data might be retained for a certain time in case you return to the service, to allow for easier reactivation and to maintain continuity (for example, saving your driving eligibility verification so you don't have to re-submit documents if you come back within a certain timeframe). We will not keep it longer than necessary.
- In certain cases, we may retain specific information to comply with legal obligations or for legitimate business purposes even after an account is deleted. For example, we might keep transaction records, invoices, and rental agreement details for a number of years as required by financial, tax, or insurance laws. Likewise, we may need to retain data related to disputes or accidents until those are fully resolved. Another example is retaining records of consent (such as proof that you agreed to this Privacy Policy or gave consent for a particular processing) as required by law.
- When determining retention periods, we consider the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorized use or disclosure if we keep it; the purposes for which we process it and whether we can achieve those purposes through other means; and all applicable legal requirements.
After the retention period is over, we will securely erase or anonymize your personal data so that it can no longer be associated with you. For example, we may remove identifying details from usage data and keep it in aggregate form for analytical purposes (so we can continue to understand usage trends without attributing data to any individual). If full deletion or anonymization is not immediately possible (for instance, the data is stored in secure backups), we will isolate it from active use until deletion is feasible.
In summary, Carzilla does not keep personal data indefinitely. We ensure that data is retained only for the needed duration and then safely disposed of. If you have specific questions about our data retention practices for different types of data, you can contact us for more detail.
User Rights
Carzilla is committed to respecting the rights you have over your personal data. Depending on your location and the applicable laws, you may have some or all of the following privacy rights, which we honor for all users as a matter of good practice:
- Right to Access: You have the right to request a copy of the personal data we hold about you. We will provide you with a summary of the information, along with an explanation of how it's used and who it's shared with, in a concise and transparent format.
- Right to Correction: If any of your information is inaccurate or incomplete, you have the right to ask us to correct or update it. For example, if you change your phone number or notice your name is misspelled in our records, you can notify us to fix it. We strive to keep your data accurate, but we appreciate your help in keeping it up to date.
- Right to Deletion: Also known as the "right to be forgotten," this allows you to request that we delete your personal data. If you no longer want to use Carzilla and you want your data removed, you can ask us to do so. We will delete the information that we are not legally required or otherwise permitted to keep. Keep in mind that certain data must be retained for at least some time (for instance, payment transaction records for financial compliance), but we will inform you if that is the case. Once your data is deleted, your Carzilla account will be closed and you may lose any stored preferences or credits.
- Right to Object or Restrict Processing: You have the right to object to certain processing of your data or ask us to limit how we use it. For example, if you feel our processing of your data is not necessary or is causing you harm, you can object. In certain cases, such as if you contest the accuracy of your data or if the processing is unlawful, you can also request that we restrict processing (essentially pause any active use of your data) until the issue is resolved. We will grant such requests when required by law.
- Right to Opt-Out of Marketing: We may send you promotional communications about new features, offers, or partnerships (for example, a newsletter or a special rental discount). You have the absolute right to opt out of receiving marketing emails or messages from us. Every marketing email will contain an "unsubscribe" link, and you can also manage your communication preferences in your account settings or by contacting us. Even if you opt out of marketing, we will still send you essential service notifications (like rental confirmations or policy updates) as those are not promotional.
- Right to Data Portability: In some jurisdictions, you have the right to request that we provide your data in a common, machine-readable format so you can transfer it to another service. If applicable, we will provide you with an export of your core account data upon request, so that you could, for instance, import it into a different service or simply have it for your own records.
- Right to Withdraw Consent: Where we rely on your consent to process data (such as for collecting biometric data or sending marketing messages), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we did based on your consent before withdrawal. For example, if you initially agreed to biometric verification but later change your mind, you can contact us to discuss alternative verification methods, though note that certain services may not be available without identity confirmation.
- Non-Discrimination: Carzilla will not discriminate against you for exercising any of these rights. That means we won't deny you services, give you a different quality of service, or charge different prices just because you exercised your privacy rights. Our service offerings (except data-dependent features) remain the same whether or not you choose to exercise rights such as opting out of marketing or requesting data deletion.
How to Exercise Your Rights: You can typically exercise many of these rights through your account settings (for example, updating your profile or opting out of emails). For rights that require our involvement, or if you don’t have an account, you can contact us at support@carzilla.com with your request. We may need to verify your identity before fulfilling certain requests (to protect your privacy, we wouldn’t want to give your data to an imposter). Verification might involve confirming details we already have on file or asking for additional proof of identity if necessary. We will respond to your request as soon as possible, and in any event within any timeframes required by law (for instance, within 30 days under some regulations).
Please note that these rights are subject to some conditions and exceptions. If we cannot fulfill a request (for example, if you ask us to delete data which we must keep for legal reasons, or if a request is unreasonably repetitive), we will explain the reason. However, our general approach is to be transparent and helpful regarding your privacy concerns. We believe you should have control over your personal information.
Security Measures
We take security very seriously at Carzilla and have implemented a range of technical and organizational measures to safeguard your personal data from unauthorized access, disclosure, alteration, or destruction. Here are some of the key security practices we follow:
- Encryption: All communication between your device and Carzilla (our app or website) is encrypted using industry-standard HTTPS/TLS protocols. This means that personal data (like your login credentials, identity details, or payment information) is encrypted in transit and cannot be easily intercepted. We also employ encryption at rest for sensitive data in our databases and storage – for example, passwords are stored in hashed form, and sensitive fields may be encrypted on our servers so that even if our data were accessed, it would be unreadable without the proper keys.
- Access Controls: We restrict access to personal data strictly to employees, contractors, and service providers who need to know that information to perform their duties. For example, our support team can view your account details to assist you, but they might not have access to more sensitive data like your full payment information (which is handled by Stripe). Our internal systems require authentication and follow the principle of least privilege – each team member only has the minimum access necessary for their role. Administrative access to databases and servers is protected via strong passwords and two-factor authentication, and credentials are managed securely (using tools like Bitwarden as mentioned).
- Secure Infrastructure: We host our platform on reputable cloud services (AWS and Google Cloud) which employ robust physical security, network firewalls, and intrusion detection systems. These data centers are certified for high security standards and undergo regular audits. Additionally, Cloudflare is used to protect our public-facing services from threats like DDoS attacks, and to ensure you always connect to our service securely. We also keep our software and systems up to date with the latest security patches to reduce vulnerabilities.
- Testing and Monitoring: Our development process includes security testing. We regularly monitor our systems for suspicious activities or anomalies. We use tools and techniques (including logging, automated alerts, and periodic audits) to catch unauthorized access or unusual behavior quickly. If we detect something concerning, we investigate it promptly. We also periodically review our security controls and may engage independent security experts to conduct penetration tests or security assessments on Carzilla's applications.
- Employee Training and Policies: All Carzilla team members are trained on the importance of data privacy and security. We have internal policies that guide how to handle user data safely (for instance, rules against downloading data to personal devices, guidelines for using Slack/Notion without exposing sensitive info, etc.). Our team is trained to identify and prevent social engineering or phishing attempts as well. By fostering a culture of security, we further ensure your data stays safe.
- Incident Response: In the unlikely event of a data breach or security incident, we have an incident response plan in place. This means we are prepared to take immediate action to mitigate any breach, secure the system, and assess impact. If a data breach occurs that affects your personal information, we will notify you and the appropriate authorities as required by law, and provide guidance on steps to protect yourself.
While we strive to use commercially acceptable means to protect your personal data, it’s important to understand that no method of transmission over the internet or method of electronic storage is 100% secure. However, we continuously work to update and improve our security practices to meet or exceed industry standards. We also encourage you to play a part in security: use a strong unique password for your Carzilla account, keep your login credentials confidential, and notify us immediately if you suspect any unauthorized access to your account.
Cookies and Tracking Technologies
Like most online services, Carzilla uses cookies and similar tracking technologies to provide and improve our platform. Cookies are small text files that are placed on your device to store information, which can be retrieved by our site or app later. We use cookies for several purposes:
- Essential Cookies: These are necessary for our website/app to function properly. For instance, when you log in, a cookie helps keep you logged in as you navigate between pages. It also remembers your preferences (such as language or region selection) so you don't have to set them each time.
- Analytics and Performance: We use cookies and third-party tools (like Google Analytics or similar, if applicable) to collect information about how users interact with Carzilla. This includes which pages you visit, how long you stay, and if you encounter errors. This data is aggregated and anonymized – it does not directly identify you – and helps us improve the structure, content, and overall user experience of the platform. For example, cookies can tell us that a lot of users had difficulty with a particular step in the booking process, indicating we should simplify it.
- Functionality: Some cookies help enhance functionality, such as remembering your profile settings or the last car you viewed, to personalize your experience.
- Advertising (if used): As of the latest update of this Policy, Carzilla does not display third-party ads, but if we ever do, cookies might be used to present relevant advertisements. In any case, we would update our policy and obtain any necessary consents before implementing such cookies.
When you first visit our site or install our app, you may be presented with a cookies banner or notification. Where required by law, we will obtain your consent for non-essential cookies. You have the right to control cookies: you can usually modify your browser settings to refuse or delete cookies. However, please note that if you disable cookies, some features of Carzilla might not function correctly (for example, you might be logged out or certain preferences might not be saved).
In addition to cookies, we may use other tracking technologies like web beacons (tiny graphic images embedded on pages or emails) or SDKs in our mobile app. For instance, if we send marketing emails, we might use a beacon to tell if you opened the email. This information helps us gauge the effectiveness of our communications and tailor future content.
For more details about our use of cookies and how to manage them, you can refer to our Cookies Policy (if available) or reach out to us with questions. By using our site and app with cookies enabled, you are agreeing to our use of cookies as described here.
Changes to This Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make material changes (for example, if we start collecting new types of personal data or change how we share data), we will notify you in a manner appropriate to the significance of the change. This might include prominently posting an announcement on our website/app, or sending you a notification via email or through your account.
The "Last updated" date at the top of this Policy will always indicate when the latest changes were made. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you continue to use Carzilla after a revised Privacy Policy has been posted, it will signify your acceptance of the updated terms, to the extent permitted by law. If required by law (for instance, in some jurisdictions, significant changes to how we use data might require re-obtaining consent), we will of course comply and seek your agreement where necessary.
In summary, no changes to this Policy will reduce your rights or the level of protection for your personal data without informing you. If you do not agree with the changes, you should discontinue use of Carzilla or exercise your rights (such as deleting your account), but we hope to always make improvements that benefit our users and enhance your privacy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. We are here to help and committed to resolving any privacy-related issues you may have.
You can reach our privacy team by email at privacy@carzilla.com. (Please note that this email is provided as an example; if this were a live policy, it would be an active contact address. In your correspondence, include your name and the details of your request or question so we can assist you efficiently.)
We will endeavor to respond to all legitimate inquiries without undue delay, and at the latest within any timeframe required by applicable law. Your privacy is important to us, and we welcome your feedback. Thank you for trusting Carzilla with your vehicle rental needs and your personal data – we are committed to keeping that trust through our dedication to privacy and security.